Scammers mail out fake hardware wallets to victims of Ledger data breach

The consequences of Ledger’s major data breach continue to be felt almost a year later. One contributor to the r/Ledgerwallet forum on Reddit, writing under the tag u/jjrand and self-identified as one of those affected by the breach, has posted images of what appears to be a fake Ledger Nano X wallet received in the mail.

Wrapped in seemingly authentic packaging, the device nonetheless included several tell-tale signs that sparked the contributor’s suspicion. Most jarringly, the package came together with a poorly written letter claiming to be signed by Ledger CEO Pascal Gauthier, telling its recipient:

“For security purposes we have sent you a new device you must switch to a new device to stay safe. There is a manual inside your new box you can read that to learn how to set up your new device. For this reason, we have changed our device structure. We now guarantee that this kinda breach will never happen again.”
Box containing allegedly fraudulent Ledger device, received by Reddit user u/jjrand. Source: Reddit
Scam letter purportedly written and signed by Ledger CEO Pascal Gauthier. Source: Reddit

Aside from the letter, u/jjrand also received a fake manual, enclosing instructions regarding how to use the device and, crucially, asking that the user enter their private Ledger recovery phrase to connect their cryptocurrency wallet to the new hardware. On the basis of further images showing the device’s circuit board uploaded to Reddit, security researcher Mike Grover told BleepingComputer that the fake device was tampered with:

“This seems to be a simply flash drive strapped on to the Ledger with the purpose to be for some sort of malware delivery. All of the components are on the other side, so I can’t confirm if it is JUST a storage device, but [...] judging by the very novice soldering work, it’s probably just an off the shelf mini flash drive removed from its casing.”

Grover highlighted a section of the back of the device, showing the flash drive implant and noting that “those 4 wires piggyback the same connections for the USB port of the Ledger.” 

Back of fake Ledger device. Source: Reddit, with highlight added by Mike Grover 
Back of authentic Ledger device. Source: BleepingComputer

On the basis of Grover and BleepingComputer's analysis, it appears that the heist is designed to intercept the user’s entered recovery phrase in order to reroute the details to a device controlled by the scammers, which they can then use to steal the associated cryptocurrency holdings.

Related: Ledger data leak: A ‘simple mistake’ exposed 270K crypto wallet buyers

In an online post dated May 10 but not cited by u/jjrand, Ledger had already warned customers against the fake letter and device, stating that:

“The fake user guide in the Nano’s box asks the user to connect the device to a computer. To initialize the device, the user is then asked to enter his 24 words in a fake Ledger Live application. This is a scam. Do not connect the device to your computer and never share your 24 words. Ledger will never ask you to share your 24-word recovery phrase.”

While the warning is included as part of Ledger’s online list of phishing campaigns of which the company is aware, it is unclear whether the company has reached out to users directly, especially those whose leaked details may leave them more susceptible to falling for the ruse.

Cointelegraph has reached out to Ledger for comment and will update this article with further information regarding this issue.

As previously reported, other consequences of the data leak have included Ledger users receiving emails from extortionists threatening physical violence or other criminal attacks. The original data breach occurred in June and July 2020 and included 1,075,382 email addresses from users subscribed to the Ledger newsletter. It notably also involved the leak of personal information (including home addresses) associated with 272,853 hardware wallet orders.
